History

Priority

must

May 2019

Removed

Security control 0122 was removed due to being a duplication of the intent of security control 0043.

Apr 2019

Roles, responsibilities and procedures for managing cyber security incidents are detailed in each system’s security documentation.

Security control 0122 was modified to include the documentation of roles relating to the management of cyber security incidents.

Mar 2019

Cyber security incident responsibilities and procedures are detailed for each system in their security documentation.

2015

Agencies must detail cyber security incident responsibilities and procedures for each systemin the relevant SSP, SOPs and IRP.

2010

Agencies must detail cyber security incident responsibilities and procedures for each system in the relevantSSP, SOPs and IRP.

2008

Agencies must detail ICT security incident responsibilities and procedures for each system in the relevant system security plan and standard operating procedures.